[tor-bugs] #5011 [Pluggable transport]: Discuss possible designs for an external program that discovers bridge addresses to tell Tor about them

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Mar 13 04:25:01 UTC 2012 

#5011: Discuss possible designs for an external program that discovers bridge
addresses to tell Tor about them
---------------------------------+------------------------------------------
 Reporter:  karsten              |          Owner:  mikeperry
     Type:  task                 |         Status:  new      
 Priority:  normal               |      Milestone:           
Component:  Pluggable transport  |        Version:           
 Keywords:  MikePerry201203      |         Parent:  #5010    
   Points:                       |   Actualpoints:           
---------------------------------+------------------------------------------

Comment(by mikeperry):

 Replying to [comment:13 nickm]:
 > So as a first step, make the data format reject partially-bogus
 messages, or messages with junk at the start.  That'll make some  standard
 cross-protocol attacks harder.
 >
 > Second, once the BridgeFinder and whoever needs to use it share a
 secret, they can authenticate  pretty easily; possibly with a simple HMAC
 challenge-response system.  (That'd be ideal; see discussions on #5185).
 So the only hard part is making sure they share a secret.
 >
 > How were you planning for the Chrome extension or the Warcraft plugin or
 whatever to learn the port of the bridgefinder ?  Presumably they could
 learn the shared secret via the same channel.  Finding an appropriate
 channel for esoterically sandboxed stuff is likely to require specific
 work depending on the details of the sandbox; I don't know enough about
 Chrome plugins to know what mechanism would work.

 I was hoping we could get away with fixed port. I think any sort of
 configuration is going to make people sad and confused, unless they're
 walked through the pairing process to generate a secret and give it to
 both Vidalia/Orbot and their plugin of the week. But how does that happen
 on a phone?

 Can we skip the shared secret authentication step in initial
 imlementations, or is it must-have even if we require that "IPC 1" has a
 proper handshake, well-formed-or-die behavior, and triggers user
 confirmation from Vidalia?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5011#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list